"With 79% of organizations expecting their number of third parties to increase over the next years, how can risk management professionals better prepare to keep their organizations secure?"

We answered this question, along with others such as which trends are fueling this evolution and which technologies are best equipped to meet this new challenge, in a recent webinar with Gartner’s Vice President of Research, Christopher Ambrose, and Mastercard’s Vice President of Strategy and Risk, Jonathan Ehret.

You can watch the full webinar below. However, here's a quick summary of the discussion. 


 

Landscape: Top Trends Impacting Third-Party Risk Management (TPRM)

  • 79% of organizations expect the number of third parties to increase over the next three years.
  • By 2027, 75% of employees will acquire, modify, or create technology outside IT’s visibility - up from 41% in 2022.
  • By 2025, 60% of organizations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements.
  • By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber-risk quantification to drive enterprise decision making.

Challenges: Top Questions Plaguing TPRM Practitioners

  • How do I make sure that procured third-party solutions are secure?
  • How can I make third-party cyber risk activities more effective?
  • How can I validate the security posture of all my third parties at scale?
  • How do I get stakeholders to understand third-party cyber risks?
  • How do I stay better protected against rising cyber threats?
  • How do I ensure identified risk leads to actual controls implementation?

Next Steps: Determining TPRM Needs and Business Outcomes

Before identifying potential solution vendors, work with business stakeholders to align on key goals by determining the following:

  1. TPRM Business Drivers

     Examples: program maturity, operational effectiveness, compliance

  2. TPRM Solution Scope

     Examples: full lifecycle, identification, assessment, remediation/mitigation, monitoring

  3. TPRM Use Cases

     Examples: TPRM program automation, risk intelligence and analytics, outsource TPRM program

  4. TPRM Risk Domains

     Examples: cyber, data privacy, ESG, operational, regulatory, financial

Solution: Choosing the Right TPRM Solution

It’s important to understand that the markets for TPRM are dynamic and the capabilities provided within the markets, vendors, solutions, and services are constantly changing. However, when determining which TPRM solution is best, many businesses should evaluate how well the solution fares against the following criteria:

Data & Insights

  • Data accuracy
  • Data origination
  • Data sharing

Actionability, Prioritization, and Efficiency

  • Issue prioritization
  • Vendor action plans
  • Search functionality

User Experience

  • TPRM-specific forethought
  • Ease of navigation
  • Flexible pricing

 

Curious to see how well your third parties are currently performing? Sign up for our 30-day trial.